2020.04.02 09:00 "Re: [Tiff] Question about security vulnerabilities in tiff 4.0.10", by Thomas Bernard
I believe all information is available in the gitlab repository:
https://gitlab.com/libtiff/libtiff
so you could do the verification yourself.
* https://nvd.nist.gov/vuln/detail/CVE-2019-6128 / http://bugzilla.maptools.org/show_bug.cgi?id=2836
Was fixed here:
https://gitlab.com/libtiff/libtiff/commit/ae0bed1fe530a82faf2e9ea1775109dbf301a971
this change is included in v4.1.0
* https://nvd.nist.gov/vuln/detail/CVE-2019-14973
fixed here:
https://gitlab.com/libtiff/libtiff/-/commit/1b5e3b6a23827c33acf19ad50ce5ce78f12b3773
this change is included in v4.1.0
* https://nvd.nist.gov/vuln/detail/CVE-2019-17546
https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145
this change is included in v4.1.0
* https://nvd.nist.gov/vuln/detail/CVE-2019-7663
https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39
this change is included in v4.1.0
Thomas Bernard - thomas.bernard@cls.to
Conseil Logiciel Securite SAS
1 passage du Surmelin
75020 Paris
Tel: +33 9 52 53 61 63
Cellulaire: +33 6 69 95 24 79
Fax: +33 9 57 53 61 63
Editor's note: This mail was not originally archived, and has been reconstructed from quotes.